I grow weary of reading these "hacking," "cyberspy," etc articles. They always read like a plot of a bad action movie (Hackers, Swordfish, etc) rather than what people who actually work in the sector (IT, Security, even programming) have to deal with day to day.<p>Just once, I'd love to read an article that talks in specifics, like how they got in (e.g. via exploit XYZ), how they spread (e.g. via hole in network policy XYZ), and what was done about it.<p>Also, if this super-top-secret information is so vital to the US's national security then why was it in the hands of a private company? I might be misunderstanding something here, but it seems less like information vital to national security and more like information vital to that company's future success (i.e. industrial espionage).<p>I cannot help but wonder if someone at this company (e.g. former CIA director) made a few phone calls and turned an industrial espionage incident into a national security incident in order to cover their arses.
The only thing as breathtaking as the amount of information the Chinese military has stolen is how dysfunctional their military is. Here [1] is an excellent article about corruption in the Chinese military. The Chinese government is a bizarre mix of authoritarianism, greed, patronage and nationalism, and it has no clear structure. The military is no different. It doesn't matter how much technology they have; as long as the military has no internal cohesion and accountability, they will never overtake the United States.<p>Here's a quote from the article, citing a 'princeling':<p>" "China no longer has a paramount leader who can hammer down authority at crucial junctures. "Gangs" of patronage and bribery are congealing together, he said, adding that "Corruption is the glue that keeps the whole system together, after the age of idealism." "<p>And another:<p>" A third princeling, whose father once ran China's security apparatus, blames Jiang for sabotaging the last leadership transition in 2002 by refusing to relinquish control of the military. He said Jiang promoted dozens of generals who are, as he put it, either "henchmen" or "morons." The result is that nobody is really in control, he said. "<p>[1] <a href="http://www.foreignpolicy.com/articles/2012/04/16/rotting_from_within?page=full" rel="nofollow">http://www.foreignpolicy.com/articles/2012/04/16/rotting_fro...</a><p>Note: You don't have to sign up for foreignpolicy.com to read the article. Just disable JS or stop the page from loading before the popup shows up.
I worked, long ago, at the group in QinetiQ that got hacked. A couple of observations:<p>1. The Talon project (the robot pictured) is not, in fact, super secret. I worked with the Talon platform, and while my projects were "confidential", it wasn't some super secret thing. Would the government rather not have the Chinese have that IP? Of course. Is it a security disaster? Hardly. That's not to say that they didn't have other, much more secretive, projects that were also compromised; it's just that the stuff being reported in this article isn't, like, nuclear launch codes.<p>2. IT security there (and, as I understand it, at similar government contractors) really was laughable. Total cowboy land. Assuming it hasn't revolutionized its security and culture, this attack didn't need to be some amazing exploit; it may have been a phishing attack or something similarly straightforward. So while the article lacks details, I'm not sure there's anything interesting to find here about the merits of the attack.<p>FWIW.
I find it surprising that it would seem that the only country on the face of this planet hacking foreign countries and business are Chinese. I'm so pleased that no one in the US, UK, Israel, Russia, South Africa, Pakistan, India, Japan, Canada, etc would clearly never dream of such things. On top of that, I can't even begin to imagine why countries other than the US would seek intelligence to help them in defence.<p>Good job that no one is using computers or the internet to launch attacks on research and production facilities in foreign countries.....stuxnet.......oh.<p>This might be new to some, but it turns out countries spy and thieve off each other. But all we seem to see is lots of articles about the evil red commie Chinese, who we all happily do business with, including allowing to own our debt, hack the US. Strange that.
Capitalism only works when there are security precautions to make sure that business between corporations and individuals is safe. This is true on the physical level, and sadly, will have to be true at the digital level as well. If companies are infamous for being unable to do long-term accounting, why the fuck are we expecting them to suddenly hold themselves accountable to other long-term risk?<p>I think it's stupid to cast this as the super whiz kid Chinese hackers and the poor SOB admins looking at the logs. There usually isn't even a proper budget <i>for</i> admins to be looking at logs.
'“When it comes to cyber security QinetiQ couldn’t grab their ass with both hands, so it cracks me up that they won,” Bob Slapnik, vice president at HBGary'<p>I love the smell of irony in the morning.
This just makes my brain hurt. "Cyber pillage" of the nation's "most closely guarded secrets" - so secret they were exposed on the Internet without, apparently, keeping up the security updates?<p>I think maybe the fault lies not with the Chinese superhackers, but with your definition of "closely guarded."
Well ... if you don't want something hacked don't expose it to the internet. Is there a reason why corporations do not have an inner network that is electrically disconnected from the internet where the sensitive data is stored and manipulated?<p>Buying a second pc for every person is pocket change.
It's foolish to either ignore this stuff or to panic. Learn your lessons and continue developing technology. We'll starve in the streets before the government stops trying to develop another billion-dollar superweapon.
Even if the Chinese didn't have good hackers, they could do as the Russians used to do and turn Americans into spies with offers of money and sex.
That said, China has a major social flaw that has persisted throughout its history -- success can be just as fatal as failure. Any wagers as to how long Comment Crew will continue to operate before they turn on their government or are snuffed out pre-emptively?
Aren't there any active packet-inspection devices out there (Palo Alto?) that can detect this kind of stuff?<p><pre><code> * Joe's working from home, but logged in? Disconnect!
* Joe's transferred 80GB today when he normally does 2GB? Disconnect!
* Joe's connecting from a VPN server in Croatia? Disconnect!</code></pre>
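
The three checks listed in the comment above, written as detection logic over session records. This is an added example, not part of the original comment or of any product it mentions; the record fields, thresholds and sample data are constructed, and the first bullet is read here as a remote session overlapping an on-site one for the same user.

```python
from dataclasses import dataclass
from statistics import median

GB = 10**9

@dataclass
class Session:
    user: str
    source: str      # "office" (on-site login) or "vpn" (remote); assumed labels
    country: str     # country geolocated from the source IP
    bytes_out: int   # bytes transferred during the session
    start: int       # minutes since midnight
    end: int

def evaluate(sessions, baseline_daily_bytes, home_countries, volume_factor=10):
    """Return {user: sorted names of the rules that fired} for one day of sessions."""
    by_user = {}
    for s in sessions:
        by_user.setdefault(s.user, []).append(s)
    alerts = {}
    for user, items in by_user.items():
        fired = set()
        remote = [s for s in items if s.source == "vpn"]
        onsite = [s for s in items if s.source == "office"]
        # Rule 1: a remote session overlaps an on-site session in time.
        if any(r.start < o.end and o.start < r.end for r in remote for o in onsite):
            fired.add("concurrent_onsite_and_remote")
        # Rule 2: today's volume far above the median of previous days.
        # With no history there is nothing to compare against, so skip.
        history = baseline_daily_bytes.get(user)
        if history and sum(s.bytes_out for s in items) > volume_factor * median(history):
            fired.add("volume_spike")
        # Rule 3: remote login from a country not on the user's expected list.
        # A user with no list is treated as having no expected countries.
        expected = home_countries.get(user, set())
        if any(s.country not in expected for s in remote):
            fired.add("unexpected_country")
        if fired:
            alerts[user] = sorted(fired)
    return alerts

# Constructed sample data: "joe" matches all three bullets, "ann" is ordinary.
SAMPLE = [
    Session("joe", "office", "US", 1 * GB, 540, 1020),
    Session("joe", "vpn", "HR", 80 * GB, 600, 720),
    Session("ann", "vpn", "US", 2 * GB, 480, 600),
]
BASELINE = {"joe": [2 * GB, 3 * GB, 2 * GB], "ann": [1 * GB, 2 * GB, 2 * GB]}
HOME = {"joe": {"US"}, "ann": {"US"}}

if __name__ == "__main__":
    print(evaluate(SAMPLE, BASELINE, HOME))
```

Whether a fired rule disconnects the session, as the comment suggests, or only raises an alert is a policy decision outside this sketch.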